On Tue, Sep 19, 2017 at 1:24 PM, Vaishnavi Prabakaran <vaishnaviprabaka...@gmail.com> wrote: > On Mon, Aug 14, 2017, Michael Paquier <michael.paqu...@gmail.com> wrote: >>Attached is a set of 3 patches: > > I tried to review the patch and firstly patch applies cleanly without any > noise.
Thanks for the review, Vaishnavi.
>>- 0001 removes ALLOW_DANGEROUS_LO_FUNCTIONS
>
> I think it is better to remove "ALLOW_DANGEROUS_LO_FUNCTIONS" from
> pg_config_manual.h as well.
Indeed. Fixed.
>>@@ -163,22 +150,16 @@ lo_read(int fd, char *buf, int len)
>> ....
>> + if ((lobj->flags & IFS_RDLOCK) == 0)
>>+ ereport(ERROR,
>>+ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
>>+ errmsg("large object descriptor %d was not opened for reading",
>>+ fd)));
>
> Do we ever reach this error? Because per my understanding
This error can be reached, and it is part of the regression tests. One
query which passed previously is now failing:
+SELECT loread(lo_open(1001, x'20000'::int), 32); -- fail, wrong mode
+ERROR: large object descriptor 0 was not opened for reading
> I think documented behavior is more appropriate and post ACL
> checks for select and update permissions in inv_open(), IFS_RDLOCK flag
> should be set regardless of mode specified.
OK, so that's one vote for keeping the existing API behavior with
write implying read. Thanks for the input. At least I can see no
complains about patches 1 and 2 :)
--
Michael
0001-Remove-ALLOW_DANGEROUS_LO_FUNCTIONS-for-LO-related-s.patch
Description: Binary data
0002-Replace-superuser-checks-of-large-object-import-expo.patch
Description: Binary data
0003-Move-ACL-checks-for-large-objects-when-opening-them.patch
Description: Binary data
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
